{"containers": {"cna": {"affected": [{"product": "CAMS for HIS", "vendor": "Yokogawa Electric Corporation", "versions": [{"status": "affected", "version": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "Directory traversal", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-05T13:12:59.000Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/vu/JVNVU97997181/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2020-5609", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CAMS for HIS", "version": {"version_data": [{"version_value": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"}]}}]}, "vendor_name": "Yokogawa Electric Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Directory traversal"}]}]}, "references": {"reference_data": [{"name": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf", "refsource": "MISC", "url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"}, {"name": "https://jvn.jp/vu/JVNVU97997181/index.html", "refsource": "MISC", "url": "https://jvn.jp/vu/JVNVU97997181/index.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:30:24.580Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jvn.jp/vu/JVNVU97997181/index.html"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2020-5609", "datePublished": "2020-08-05T13:12:59.000Z", "dateReserved": "2020-01-06T00:00:00.000Z", "dateUpdated": "2024-08-04T08:30:24.580Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CB5C1D3-A410-478C-AEBC-7A85A30B39BC", "versionEndIncluding": "r3.09.50", "versionStartIncluding": "r3.08.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0D63842-D6A8-4FA1-B09C-71E9113FF95A", "versionEndIncluding": "r4.03.00", "versionStartIncluding": "r4.01.00", "vulnerable": true}, {"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D647BA49-5A43-437B-8C58-0294A452AF8D", "versionEndIncluding": "r5.04.20", "versionStartIncluding": "r5.01.00", "vulnerable": true}, {"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "041D122C-CAFD-4AA5-A45B-A51E2F024D67", "versionEndIncluding": "r6.07.00", "versionStartIncluding": "r6.01.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*", "matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3131E58F-D32D-4FDC-AAD1-DE7BBAC10659", "versionEndIncluding": "r5.05.01", "versionStartIncluding": "r5.04.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6C0600F-87E0-4CE5-ACB9-49F160DB3D33", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:yokogawa:b\\/m9000vp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9458CCD1-1820-4395-95CD-AEAC589DA4B2", "versionEndIncluding": "r8.03.01", "versionStartIncluding": "r6.01.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:b\\/m9000vp:-:*:*:*:*:*:*:*", "matchCriteriaId": "86DDD4A8-FE34-4446-A0C2-4E282F881068", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors."}, {"lang": "es", "value": "Una vulnerabilidad salto de directorio en CAMS para HIS CENTUM CS 3000 (incluye CENTUM CS 3000 Small) versiones R3.08.10 hasta R3.09.50, CENTUM VP (incluye CENTUM VP Small, Basic) versiones R4.01.00 hasta R6.07.00, B/M9000CS versiones R5.04.01 hasta R5.05.01 y B/M9000 VP versiones R6.01.01 hasta R8.03.01, permiten a un atacante remoto no autenticado crear o sobrescribir archivos arbitrarios y ejecutar comandos arbitrarios por medio de vectores no especificados"}], "id": "CVE-2020-5609", "lastModified": "2024-11-21T05:34:21.410", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-05T14:15:13.187", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/vu/JVNVU97997181/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/vu/JVNVU97997181/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}